Commit Graph

22 Commits

Author SHA1 Message Date
Daira Hopwood f0f7068552 Add test vectors for map_to_simple_swu.
Signed-off-by: Daira Hopwood <daira@jacaranda.org>
2021-04-27 14:24:13 +01:00
Daira Hopwood 6a4f42ce25 Resolve an ambiguity in the Internet Draft
(https://www.ietf.org/archive/id/draft-irtf-cfrg-hash-to-curve-10.html#name-finding-z-for-the-shallue-va).

Signed-off-by: Daira Hopwood <daira@jacaranda.org>
2021-04-21 13:14:15 +01:00
Daira Hopwood 71094393e8 Sage-on-Python 3 compatibility fixes.
Signed-off-by: Daira Hopwood <daira@jacaranda.org>
2021-04-21 12:32:27 +01:00
Daira Hopwood 571dab6596 Update the Pallas test vector so that it exercises both the gx1 square and non-square branches.
This matches the comment in the Rust code:

// This test vector is chosen so that the first map_to_curve_simple_swu takes the gx1 square
// "branch" and the second takes the gx1 non-square "branch" (opposite to the Vesta test vector).

The existing test vector for Vesta, by coincidence (1 in 4 chance), did not need to be changed.

Signed-off-by: Daira Hopwood <daira@jacaranda.org>
2021-03-27 13:53:00 +00:00
Daira Hopwood 044baaab1f hashtocurve.sage: the block size of BLAKE2b is 128 bytes, not 64 bytes.
Signed-off-by: Daira Hopwood <daira@jacaranda.org>
2021-03-22 22:34:29 +00:00
Daira Hopwood de872b47f7 hashtocurve.sage: minor changes to get access to the Sage EllipticCurve point from hash_to_*_jacobian.
Signed-off-by: Daira Hopwood <daira@jacaranda.org>
2021-03-06 22:04:22 +00:00
Daira Hopwood c51449a535 Change to XMD:BLAKE2b, and use the same test vectors as the Rust implementation.
Signed-off-by: Daira Hopwood <daira@jacaranda.org>
2021-02-21 21:11:19 +00:00
Daira Hopwood 779c3b117e Fix the case where the input to map_to_curve_simplified_swu is 0.
Signed-off-by: Daira Hopwood <daira@jacaranda.org>
2021-02-21 21:10:23 +00:00
Daira Hopwood fb448f3538 Add isogeny for Vesta.
Signed-off-by: Daira Hopwood <daira@jacaranda.org>
2021-01-13 01:11:34 +00:00
Daira Hopwood 540fe946c1 Fix unified addition.
Signed-off-by: Daira Hopwood <daira@jacaranda.org>
2021-01-02 21:01:33 +00:00
Daira Hopwood 8e22490f43 hashtocurve.sage: make DEBUG = True work.
Signed-off-by: Daira Hopwood <daira@jacaranda.org>
2021-01-02 02:23:55 +00:00
Daira Hopwood 3523aee87f hashtocurve.sage: fix a bug due to inadvertently relying on values calculated by debug code.
Signed-off-by: Daira Hopwood <daira@jacaranda.org>
2021-01-02 02:22:01 +00:00
Daira Hopwood fd7283a979 Make map_to_curve_simple_swu take a single input again (since we no longer need batch inversion).
Also make it clearer that we don't depend on Sage's elliptic curve impl except for debugging.

Signed-off-by: Daira Hopwood <daira@jacaranda.org>
2021-01-02 00:50:42 +00:00
Daira Hopwood c0f2b2d8b6 Correct a comment.
Signed-off-by: Daira Hopwood <daira@jacaranda.org>
2021-01-02 00:20:36 +00:00
Daira Hopwood 4a3a34feea Improve comments and cost accounting.
Signed-off-by: Daira Hopwood <daira@jacaranda.org>
2021-01-01 19:44:32 +00:00
Daira Hopwood 50d3e83467 Implement the optimization from [WB2019, section 4.2] that removes the remaining inversion.
Signed-off-by: Daira Hopwood <daira@jacaranda.org>
2021-01-01 03:37:41 +00:00
Daira Hopwood 391e67f250 hashtocurve.sage: correct a comment.
Signed-off-by: Daira Hopwood <daira@jacaranda.org>
2020-12-31 15:26:20 +00:00
Daira Hopwood 112983e667 hashtocurve: allow use of the sqrt optimization with the Z recommended by the Internet Draft.
This also makes the sqrt and hash-to-curve implementations depend on each other less strongly.

Signed-off-by: Daira Hopwood <daira@jacaranda.org>
2020-12-31 13:45:35 +00:00
Daira Hopwood ef3405dd20 Add an optimization from [WB2019, section 4.2] that saves a square root for each map_to_curve.
Signed-off-by: Daira Hopwood <daira@jacaranda.org>
2020-12-31 03:35:50 +00:00
Daira Hopwood 71afc68f7d hashtocurve.sage: add Jacobian coordinate implementation that avoids two of the three inversions.
Do not base production code on this yet!

Signed-off-by: Daira Hopwood <daira@jacaranda.org>
2020-12-30 16:09:25 +00:00
Daira Hopwood 7df33f4ce4 hashtocurve.sage: more realistic use of Montgomery's trick.
Signed-off-by: Daira Hopwood <daira@jacaranda.org>
2020-12-29 17:58:50 +00:00
Daira Hopwood 96fd2c794e [WIP] Add a prototype implementation of hash-to-curve. This intends to implement the Internet Draft but has not been checked.
Signed-off-by: Daira Hopwood <daira@jacaranda.org>
2020-12-29 17:58:50 +00:00